HSRP configuration ...

jigar.sheth · ‎05-24-2012

i had designed the network using HSRP...for hardware redunduncy

my configuration is below

r1

l3_1 l3_2

l2

host_1 host_2

On L3_1

int fa0/0

ip add 192.168.1.1 255.255.255.0

standby 1 ip 192.168.1.10

standby 1 preempt

standby 1 priority 105

standby 2 ip 192.168.1.20

standby 2 preempt

On

int fa0/0

ip add 192.168.1.2 255.255.255.0

standby 1 ip 192.168.1.10

standby 1 preempt

standby 2 ip 192.168.1.20

standby 2 priority 105

standby 2 preempt

Problem:

with above configuration when L3_1 switch fails L3_2 swich takes over L3_1 for group 1 but when L3_1 comes up after failing it doesn't takes over L3_2 due to high priority.

pl. suggest the solution.

Tagir Temirgaliyev · ‎05-24-2012

Hi

I am not shure why you need 2 ip addresses .10 and .20 ?

for only one address

On L3_1

int fa0/0

ip add 192.168.1.1 255.255.255.0

standby 1 ip 192.168.1.10

standby 1 preempt

On L3_2

int fa0/0

ip add 192.168.1.2 255.255.255.0

standby 1 ip 192.168.1.10

standby 1 preempt

standby 1 priority 50

for two addresses

On L3_1

int fa0/0

ip add 192.168.1.1 255.255.255.0

standby 1 ip 192.168.1.10

standby 1 preempt

standby 1 priority 105

standby 2 ip 192.168.1.20

standby 2 priority 105

standby 2 preempt

On L3_2

int fa0/0

ip add 192.168.1.2 255.255.255.0

standby 1 ip 192.168.1.10

standby 1 preempt

standby 2 ip 192.168.1.20

standby 2 preempt

dont forget rate post

jigar.sheth · ‎05-24-2012

.10 for standby group 1 for host_1

.20 for standby group 2 for host_2

This is active active senario.

cadet alain · ‎05-24-2012

Hi,

can you post output of debug standby on both devices when reenabling the first device and also put the output from

show standby when device 1 is up and when it is down then up again.

Regards.

Alain

Don't forget to rate helpful posts.

Richard Burts · ‎05-24-2012

Perhaps I am not understanding correctly what you are asking. Given the configuration that you posted L3_1 should be the active member for group 1 based on the configured priority. When L3_1 fails then L3_2 should become the active member. When L3_1 returns to service then it should again become the active member for group 1. Are you saying that this is not the case?

If that is the case then we need some additional information to help solve this issue. Please post the output of show standby from both switches when in the initial situation where both switches are up and L3_1 is active for group 1. Then fail the switch. Then do another show standby and post the results. Then bring the switch back up. Then do another show standby on both switches and post the output.

HTH

Rick

HTH

Rick

John Blakley · ‎05-24-2012

ttermirgaliyev,

This type of configuration is for administrators who want to use HSRP in a load balance mode. Half of the users will point to .10 as the gateway and the other half will point to .20. That's why it's configured this way. As you know, HSRP only has 1 active router for a group leaving the other routers in the group not doing anything. The priorities are to set router 1 as the primary for .10 and to set router 2 as the primary for .20. If he puts the priority of both groups on the same router, he wouldn't accomplish load balancing because the other router would still be in a standby state for both groups instead of standby for the 1st group and active for the 2nd. (The way that it should be now.)

HTH,

John

HTH, John *** Please rate all useful posts ***

jigar.sheth · ‎05-24-2012

you are right...

so what should be the configuration for both L3 such that L3_1 and L3_2 should be active after the recovering fail over for there respective group.

Richard Burts · ‎05-24-2012

The configuration shown in the original post should work such that when both L3 switches are up and active then L3_1 should be active for group 1 and L3_2 should be active for group 2. If that is not the case then I suggest that you verify that things are really connected and working as shown in your diagram. And if that is correct then you should post the outputs of show standby and perhaps of debug standby that have been requested.

HTH

Rick

HTH

Rick

Kishore Chennupati · ‎05-24-2012

hi jigar,

your config is very simple and straightforward. As suggested by other experts here, please type the output of the commands and we should be able to check it. Also run a debug as well so that we can if the FSM of HSRP is changing states etc. I mean it goes from standby-> speak--> Active etc..it would be good to see that as well

HTH

Kishore

jigar.sheth · ‎05-24-2012

l3_1 Before fail

L3_1(config)#do sh stand

FastEthernet0/1 - Group 1

State is Active

2 state changes, last state change 00:12:18

Virtual IP address is 192.168.1.10

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.216 secs

Preemption enabled

Active router is local

Standby router is 192.168.1.2, priority 100 (expires in 7.664 sec)

Priority 105 (configured 105)

IP redundancy name is "hsrp-Fa0/1-1" (default)

FastEthernet0/1 - Group 2

State is Standby

4 state changes, last state change 00:07:57

Virtual IP address is 192.168.1.20

Active virtual MAC address is 0000.0c07.ac02

Local virtual MAC address is 0000.0c07.ac02 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 2.484 secs

Preemption enabled

Active router is 192.168.1.2, priority 105 (expires in 8.568 sec)

Standby router is local

Priority 100 (default 100)

IP redundancy name is "hsrp-Fa0/1-2" (default)

l3_2 Before fail

L3_2(config)#DO SH STAND

FastEthernet0/1 - Group 1

State is Standby

1 state change, last state change 00:04:20

Virtual IP address is 192.168.1.10

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.620 secs

Preemption enabled

Active router is 192.168.1.1, priority 105 (expires in 7.376 sec)

Standby router is local

Priority 100 (default 100)

IP redundancy name is "hsrp-Fa0/1-1" (default)

FastEthernet0/1 - Group 2

State is Active

2 state changes, last state change 00:03:52

Virtual IP address is 192.168.1.20

Active virtual MAC address is 0000.0c07.ac02

Local virtual MAC address is 0000.0c07.ac02 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 1.620 secs

Preemption enabled

Active router is local

Standby router is 192.168.1.1, priority 100 (expires in 7.372 sec)

Priority 105 (configured 105)

IP redundancy name is "hsrp-Fa0/1-2" (default)

---------------------------------------------------------------------------------------------------

L3_1 after fail

L3_1#sh standby

FastEthernet0/1 - Group 1

State is Active

1 state change, last state change 00:00:53

Virtual IP address is 192.168.1.10

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.100 secs

Preemption enabled

Active router is local

Standby router is 192.168.1.2, priority 100 (expires in 8.456 sec)

Priority 105 (configured 105)

IP redundancy name is "hsrp-Fa0/1-1" (default)

FastEthernet0/1 - Group 2

State is Standby

1 state change, last state change 00:00:35

Virtual IP address is 192.168.1.20

Active virtual MAC address is 0000.0c07.ac02

Local virtual MAC address is 0000.0c07.ac02 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.128 secs

Preemption enabled

Active router is 192.168.1.2, priority 105 (expires in 8.068 sec)

Standby router is local

Priority 100 (default 100)

IP redundancy name is "hsrp-Fa0/1-2" (default)

L3_2 after failover

FastEthernet0/1 - Group 1

State is Standby

1 state change, last state change 00:00:47

Virtual IP address is 192.168.1.10

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.616 secs

Preemption enabled

Active router is 192.168.1.1, priority 105 (expires in 8.216 sec)

Standby router is local

Priority 100 (default 100)

IP redundancy name is "hsrp-Fa0/1-1" (default)

FastEthernet0/1 - Group 2

State is Active

1 state change, last state change 00:01:05

Virtual IP address is 192.168.1.20

Active virtual MAC address is 0000.0c07.ac02

Local virtual MAC address is 0000.0c07.ac02 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.304 secs

Preemption enabled

Active router is local

Standby router is 192.168.1.1, priority 100 (expires in 8.796 sec)

Priority 105 (configured 105)

IP redundancy name is "hsrp-Fa0/1-2" (default)

vijay.swaminathan · ‎05-24-2012

Hi Jigar,

I'm little confused here. Does L3_1 retain as "ACTIVE" for group 1 even after fail? ideally when L3_1 fails, L3_2 should be active for both the groups.

I'll lab it out and update you with my observations.

Thanks,

-Vijay

Richard Burts · ‎05-24-2012

Thank you for the additional information. I am quite surprised at the output after the failure. It shows that L3_1 is still the active member of the HSRP group 1. Perhaps you can tell us a bit about what kind of failure you created to test the HSRP functions?

HTH

Rick

HTH

Rick

vijay.swaminathan · ‎05-24-2012

Hi Jigar,

I have labbed this up and it works as expected:

Before L3_1 failed:

==============

DSW1#sh standby

Vlan10 - Group 1

State is Active

2 state changes, last state change 00:01:31

Virtual IP address is 10.10.23.10

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 1.236 secs

Preemption enabled

Active router is local

Standby router is 10.10.23.3, priority 100 (expires in 8.388 sec)

Priority 105 (configured 105)

IP redundancy name is "hsrp-Vl10-1" (default)

Vlan10 - Group 2

State is Standby

4 state changes, last state change 00:00:08

Virtual IP address is 10.10.23.20

Active virtual MAC address is 0000.0c07.ac02

Local virtual MAC address is 0000.0c07.ac02 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.564 secs

Preemption enabled

Active router is 10.10.23.3, priority 105 (expires in 9.552 sec)

Standby router is local

Priority 100 (default 100)

IP redundancy name is "hsrp-Vl10-2" (default)

DSW1#

L3_2 Before fail:

============

DSW2#sh standby

Vlan10 - Group 1

State is Standby

1 state change, last state change 00:00:12

Virtual IP address is 10.10.23.10

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 2.732 secs

Preemption enabled

Active router is 10.10.23.2, priority 105 (expires in 9.644 sec)

Standby router is local

Priority 100 (default 100)

IP redundancy name is "hsrp-Vl10-1" (default)

Vlan10 - Group 2

State is Active

1 state change, last state change 00:00:26

Virtual IP address is 10.10.23.20

Active virtual MAC address is 0000.0c07.ac02

Local virtual MAC address is 0000.0c07.ac02 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.900 secs

Preemption enabled

Active router is local

Standby router is 10.10.23.2, priority 100 (expires in 8.736 sec)

Priority 105 (configured 105)

IP redundancy name is "hsrp-Vl10-2" (default)

DSW2#

After L3_1 failure output at L3_2:

=============

DSW2#sh standby

Vlan10 - Group 1

State is Active

2 state changes, last state change 00:00:54

Virtual IP address is 10.10.23.10

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 2.036 secs

Preemption enabled

Active router is local

Standby router is unknown

Priority 100 (default 100)

IP redundancy name is "hsrp-Vl10-1" (default)

Vlan10 - Group 2

State is Active

1 state change, last state change 00:18:50

Virtual IP address is 10.10.23.20

Active virtual MAC address is 0000.0c07.ac02

Local virtual MAC address is 0000.0c07.ac02 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 1.344 secs

Preemption enabled

Active router is local

Standby router is unknown

Priority 105 (configured 105)

IP redundancy name is "hsrp-Vl10-2" (default)

DSW2#

Once L3_1 comes back:

-----------------------------

DSW1(config-if)#no shut

DSW1(config-if)#

*Mar 1 00:58:38.111: HSRP: Vl10 API 10.10.23.2 is not an HSRP address

*Mar 1 00:58:38.115: HSRP: Vl10 API MAC address update

*Mar 1 00:58:38.119: HSRP: Vl10 API Software interface coming up

*Mar 1 00:58:38.123: HSRP: Vl10 Interface up

*Mar 1 00:58:38.123: HSRP: Vl10 Starting minimum interface delay (1 secs)

*Mar 1 00:58:38.123: HSRP: Vl10 API Software interface coming up

*Mar 1 00:58:38.131: IP ARP: sent rep src 10.10.23.2 c401.1110.0000,

dst 10.10.23.2 ffff.ffff.ffff Vlan10

*Mar 1 00:58:38.131: HSRP: Vl10 API Add active HSRP addresses to ARP table

DSW1(config-if)#

*Mar 1 00:58:38.135: IP ARP: sent rep src 10.10.23.2 c401.1110.0000,

dst 10.10.23.2 ffff.ffff.ffff Vlan10

*Mar 1 00:58:38.135: HSRP: Vl10 API Add active HSRP addresses to ARP table

*Mar 1 00:58:38.939: HSRP: Vl10 Grp 2 Active router is 10.10.23.3

*Mar 1 00:58:39.123: HSRP: Vl10 Interface min delay expired

*Mar 1 00:58:39.123: HSRP: Vl10 Grp 1 Init: a/HSRP enabled

*Mar 1 00:58:39.123: HSRP: Vl10 Grp 1 Init -> Listen

*Mar 1 00:58:39.123: HSRP: Vl10 Grp 1 IP Redundancy "hsrp-Vl10-1" state Init -> Backup

*Mar 1 00:58:39.127: HSRP: Vl10 Grp 2 Init: a/HSRP enabled

*Mar 1 00:58:39.127: HSRP: Vl10 Grp 2 Init -> Listen

*Mar 1 00:58:39.127: HSRP: Vl10 Grp 2 IP Redundancy "hsrp-Vl10-2" state Init -> Backup

*Mar 1 00:58:39.627: HSRP: Vl10 Grp 1 Active router is 10.10.23.3

*Mar 1 00:58:39.627: HSRP: Vl10 Grp 1 Listen: h/Hello rcvd from lower pri Active router (100/10.10.23.3)

*Mar 1 00:58:39.627: HSRP: Vl10 Grp 1 Active router is local, was 10.10.23.3

DSW1(config-if)#*Mar 1 00:58:39.631: HSRP: Vl10 Grp 1 Listen -> Active

*Mar 1 00:58:39.631: %HSRP-5-STATECHANGE: Vlan10 Grp 1 state Listen -> Active

*Mar 1 00:58:39.631: HSRP: Vl10 Grp 1 IP Redundancy "hsrp-Vl10-1" state Backup -> Active

*Mar 1 00:58:39.635: IP ARP: sent rep src 10.10.23.10 0000.0c07.ac01,

dst 10.10.23.10 ffff.ffff.ffff Vlan10

*Mar 1 00:58:39.639: IP ARP: sent rep src 10.10.23.10 0000.0c07.ac01,

dst 10.10.23.10 0100.0ccd.cdcd Vlan10

*Mar 1 00:58:39.903: IP ARP: creating incomplete entry for IP address: 10.10.23.3 interface Vlan10

*Mar 1 00:58:39.903: IP ARP: sent req src 10.10.23.2 c401.1110.0000,

dst 10.10.23.3 0000.0000.0000 Vlan10

*Mar 1 00:58:40.099: IP ARP: rcvd rep src 10.10.23.3 c402.1110.0000, dst 10.10.23.2 Vlan10

*Mar 1 00:58:40.115: %LINK-3-UPDOWN: Interface Vlan10, changed state to up

DSW1(config-if)#

*Mar 1 00:58:40.115: HSRP: API Hardware state change

DSW1(config-if)#

*Mar 1 00:58:41.115: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

DSW1(config-if)#end

DSW1#

*Mar 1 00:58:42.639: IP ARP: sent rep src 10.10.23.10 0000.0c07.ac01,

dst 10.10.23.10 ffff.ffff.ffff Vlan10

*Mar 1 00:58:42.639: IP ARP: sent rep src 10.10.23.10 0000.0c07.ac01,

dst 10.10.23.10 0100.0ccd.cdcd Vlan10

*Mar 1 00:58:42.643: HSRP: Vl10 Grp 1 IP Redundancy "hsrp-Vl10-1" state Active -> Active

DSW1#

*Mar 1 00:58:43.771: %SYS-5-CONFIG_I: Configured from console by console

DSW1#sh

*Mar 1 00:58:45.643: IP ARP: sent rep src 10.10.23.10 0000.0c07.ac01,

dst 10.10.23.10 ffff.ffff.ffff Vlan10

*Mar 1 00:58:45.643: IP ARP: sent rep src 10.10.23.10 0000.0c07.ac01,

dst 10.10.23.10 0100.0ccd.cdcd Vlan10

*Mar 1 00:58:45.647: HSRP: Vl10 Grp 1 IP Redundancy "hsrp-Vl10-1" state Active -> Active

DSW1#sh standby

Vlan10 - Group 1

State is Active

4 state changes, last state change 00:00:23

Virtual IP address is 10.10.23.10

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.492 secs

Preemption enabled

Active router is local

Standby router is 10.10.23.3, priority 100 (expires in 8.572 sec)

Priority 105 (configured 105)

IP redundancy name is "hsrp-Vl10-1" (default)

Vlan10 - Group 2

State is Standby

9 state changes, last state change 00:00:04

Virtual IP address is 10.10.23.20

Active virtual MAC address is 0000.0c07.ac02

Local virtual MAC address is 0000.0c07.ac02 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 1.976 secs

Preemption enabled

Active router is 10.10.23.3, priority 105 (expires in 9.792 sec)

Standby router is local

Priority 100 (default 100)

IP redundancy name is "hsrp-Vl10-2" (default)

DSW1#

jigar.sheth · ‎05-24-2012

ACTIVE-ACTIVE senario.....

L3_1 should be active for group 1 and L3_2 should be active for group 2;

Case

1) L3_1 switch get failed L3_2 should be active for group 1 but when L3_1 runs after fails over, for group 1. L3_1 should be ative .same as for group 2 and L3_2

2) if link between L3_1 and router get failed, l3_2 will be active for group 2 but when link gets active l3_1 switch should be active for group 1 ..same for group 2 and L3_2

suggets the configuration....

vijay.swaminathan · ‎05-25-2012

Hi Jigar,

1. The configuration that you posted earlier would work for the case 1.

2. This can be achived by using the Tracking features in HSRP. Also , if link between L3_1 and routers failes, then L3_2 will be active for group 1 as well and when the same link comes up, then L3_1 takes over as active:

the configuation could be:

On L3_1

-----------

ip add 192.168.1.1 255.255.255.0

standby 1 ip 192.168.1.10

standby 1 preempt

standby 1 priority 105

standby 2 ip 192.168.1.20

standby 2 priority 105

standby 2 preempt

standby 1 track 1 decrement 6

also you have to define track :

track 1 interface line-protocol

On L3_2

--------

ip add 192.168.1.2 255.255.255.0

standby 1 ip 192.168.1.10

standby 1 preempt

standby 2 ip 192.168.1.20

standby 2 preempt

so when the interface towards Router goes down, the line-protocol status monitered by the track object goes down. so action is to decrement the priotity by 6. since the already configured priority is : 105 and now with the decrement should become 105 -6 = 99 which is less than the priority configured on L3_2 for that group. so L3_2 will take over as Active.

when L3_1 link towards router comes up, the priority will now be 105 and will take over as active for that group.

HTH

-Vijay